Online and offline frauds with your payment cards or payment accounts

12 July 2017

A payment card is a very convenient and profitable tool. It is hard to argue with this: a bank card is the fastest and simplest way to make purchases, whether at the point of sale, on the Internet, or by email or smartphone. In addition, a plastic card is potentially more secure than paper money: anyone can make use of stolen cash, but it takes tremendous effort to make use of a stolen card.

Over the past years, cybercriminals have invented a host of sophisticated ways to commit payment card fraud, which has even given rise to a special term, “carding”. It denotes different types of card misuse in which withdrawals occur without the cardholder’s awareness or confirmation. Some will argue that one needs to know the PIN-code to use the card; unfortunately, that is not the case.

We have looked into the most common types of payment card fraud, which card owners would do well to know about in advance. As they say, forewarned is forearmed.

Preventing fraud through awareness

Detecting payment card fraud begins with keeping your eyes and ears open. Bad cards can be broadly classified into two groups. The first category is lost or stolen cards, where the card is legitimate but the user is not the authorized cardholder. The second is counterfeit cards, where the card is illegally produced but looks and works like a legitimate card. According to bank security specialists, the perpetrators of payment card fraud often resort to the following scams:

Fraud at ATMs

Fraudsters build fake ATMs for card trapping, or refit old machines so that they look like the real thing. These ATMs are placed in the busiest locations. After the user inserts the card and enters the PIN-code, the phantom ATM displays a technical error or reports a lack of funds on the account. The user, without a second thought, goes looking for another ATM; in the meantime, all the card data has been read by the forged machine.

Copying magnetic stripe or skimming

Skimming means installing special illegal devices on lobby ATMs that read all the data from magnetic stripe cards, including the PIN-code. Such “alien” devices (skimmers) can take the form of a card reader or a miniature video camera above the ATM’s keyboard. In addition, fraudsters often use overlays on the actual keyboard surface that closely imitate the ATM’s design. As a result, cardholders enter the PIN-code on a false panel, which sits atop the PIN pad and stores the entered data. Such fake devices are sometimes also installed next to the readers at the doors of ATM rooms that use a bank card as an identifier (electronic key).

Phishing

Phishing email messages and websites are designed to “fish” for the card owner’s sensitive information (card number, PIN-code, CVV/CVC). Phishing most commonly involves email spoofing or instant messages sent on behalf of the bank or payment system with a request to confirm the specified private data on the organization’s website. For instance, the Chthonic virus attacked more than 140 banks worldwide. It steals passwords from mobile banking accounts. When the user connects to a bank website, the virus adds its phishing code to the body of the HTML page in the browser. In this way, by directing users to enter personal information on a fake website whose look and feel are almost identical to the legitimate one, attackers exploit weaknesses in current web security.

Vishing

Vishing is obtaining confidential information by phone call or SMS message. Posing as staff of the Bank Security Department, scammers inform the customer that his/her card is blocked and that he/she needs to call back the specified phone number and provide the card number and PIN-code. Under the pretext of unlocking the card, the attackers obtain the customer’s consent to carry out transactions on the payment card, and soon afterwards they steal money by wire transfer to other accounts.

Shimming

Shimming is a new generation of skimming that relies on a shimmer (device with light reflecting particles), which is inserted invisibly into the card reader. It allows fraudsters to read the card data (card number, PIN-code), which is subsequently transferred to white plastic (a “clone” of the card that carries no data about the bank or payment system). It is worth noting that shimming is quite a costly fraud method for attackers, so it does not occur very often, but it is bloody difficult to steer clear of.

Multiple imprint fraud and altered sales drafts

Multiple imprint fraud is collusion among trade and service enterprises in which a payment card is imprinted several times to obtain additional copies of card slips, which are later used for fraudulent purposes. While customers shop in such stores, thieving merchants make more than one card slip (a sales draft with the card imprint and the cardholder’s signature) using card terminals known as imprinters or “knuckle-busters”, in order to generate new payment documents later on or to change the transaction amount after the customer signs the card slip.

Lebanese Loop

A Lebanese Loop is a device that prevents a payment card inserted into the ATM from being returned to its owner. In its simplest form, it is a strip or sleeve of metal or plastic that blocks the ATM’s card slot, so that any inserted card appears to be retained by the machine and can be retrieved by the fraudster once the cardholder leaves.

Simple ways to avoid payment card frauds

Payment card fraud takes place every day in a variety of ways. Users cannot always prevent it from happening, but they can create obstacles and make it harder for someone to get hold of their cards and card numbers by taking the following simple steps:

– Avoid giving out your card information. Never give your PIN-code to anyone, do not write it on a piece of paper and, of course, do not store it near the card.

– Report a lost or stolen card immediately. If the card is lost or you suspect that the card data has become known to third parties, immediately contact the bank’s round-the-clock customer support service and lock the card.

– Beware! Do not take advice from third parties if you encounter problems with an ATM; just call the bank’s customer support service, whose phone number is usually indicated on the ATM.

– Be safe with your card online. Do not make purchases on suspicious websites, and check whether the site supports 3D-Secure technologies. The presence of this technology is indicated on websites by the logos “Verified by Visa” and “MasterCard SecureCode”. In addition, when making online transactions, be sure that the website address starts with https://, in which the “s” indicates a secure connection that creates a reliable channel for data transfer.

– Get a virtual card. Do not keep a large amount of money on the card that you use for Internet payments. It is much cheaper and safer to issue an online card for big-budget purchases.

– Enable the “SMS-informing” service. An SMS message will be sent to your mobile phone for every operation on your card, which will allow you to monitor transactions in real time.

– Restrict the transaction amount. Set a daily limit on cash withdrawals from the card.

– Keep an eye on your card. When you pay in a store or restaurant, do not lose sight of your card. Ask for the card slip to be imprinted in your presence. Have them bring an imprinter to you, or go to the cashier yourself. Otherwise, they can make multiple imprints of your card, and it is not difficult to forge your signature.

– Shred anything with your card number on it. If a card slip is imprinted in a store but your bank does not authorize the transaction, or you change your mind about the purchase, make sure that the card slip is torn to shreds in your presence. If the first card slip is badly printed, be sure to take the defective sales draft with you!

– Review your billing statements each month. Unauthorized charges on your payment card are the first indicator of card fraud. If you notice a charge you did not make, no matter how small it is, report the charge to your card issuer immediately. Your card issuer will tell you whether you should close your account to avoid card fraud.

While consumers can rest assured that measures such as the Zero Liability policy protect them from unauthorized transactions in digital and electronic payments, they ultimately have a role to play as well. Knowing how fraud happens is a good way to take steps to prevent it.

Staying vigilant about protecting your personal information can also greatly reduce the risk of theft or fraud, an important and necessary step in today’s digital world. While payment cards have built-in protections, the first line of defense really starts with the cardholder.